#!/bin/bash
 
# -------------------------------------------------------------------------------
#	Filename:    源码安装openresty-配置WAF
#	系统环境： centos7.x
# -------------------------------------------------------------------------------

# -------------------------------------------------------------------------------
#
# 作者：funet8@163.com
# 20211217

############### yum安装依赖库 ###############
yum install -y pcre-devel openssl-devel gcc postgresql-devel wget git


############### 下载源码包并且安装 ###############
mkdir /data/software
cd  /data/software
wget https://openresty.org/download/openresty-1.19.9.1.tar.gz

# 备用下载地址： 
# wget http://js.funet8.com/centos_software/openresty-1.19.9.1.tar.gz

tar -zxvf openresty-1.19.9.1.tar.gz
cd openresty-1.19.9.1/
./configure --prefix=/usr/local/openresty \
            --with-luajit \
            --without-http_redis2_module \
            --with-http_iconv_module \
            --with-http_postgres_module
gmake && gmake install
	
############### 配置环境变量 ###############
echo '# 配置OpenResty环境变量' >> /etc/profile
echo 'export OPENRESTY_HOME=/usr/local/openresty/' >> /etc/profile
echo 'export PATH=${OPENRESTY_HOME}/bin:$PATH' >> /etc/profile
echo 'PATH=/usr/local/openresty/nginx/sbin:$PATH' >> /etc/profile
echo 'export PATH' >> /etc/profile

source  /etc/profile
nginx -V
nginx -t


#配置文件目录设置######################################################################
#移动nginx配置文件
mkdir -p /data/conf/sites-available/
mkdir -p /data/wwwroot/log/
cp -p /usr/local/openresty/nginx/conf/nginx.conf  /usr/local/openresty/nginx/conf/nginx.conf-bak

rm -rf /usr/local/openresty/nginx/conf/nginx.conf

cd /data/conf/
wget https://gitee.com/funet8/waf/raw/master/nginx_conf/nginx.conf

ln -s /data/conf/nginx.conf /usr/local/openresty/nginx/conf/
echo "nginx.conf move success"

#站点配置
cd /data/conf/sites-available/
wget https://gitee.com/funet8/waf/raw/master/nginx_conf/nginx_main.conf


############### 配置WAF ###############
cd /usr/local/openresty/nginx/conf/
rm -rf /usr/local/openresty/nginx/conf/waf*
git clone https://gitee.com/funet8/waf.git waf-git
cp -a ./waf-git/waf /usr/local/openresty/nginx/conf/

ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty
nginx -t

#添加www组和www用户####################################################################
groupadd www
useradd -g www www

#设置目录权限##########################################################################
chown -R www:www /data/wwwroot/web
chown -R www:www /data/conf/sites-available/
#开启防火墙
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
systemctl restart iptables.service

###切割日志
cd /data/conf/shell/
wget https://gitee.com/funet8/waf/raw/master/nginx_conf/cut_log_nginx_openresty.sh
chmod +x /data/conf/shell/cut_log_nginx_openresty.sh
echo "00 00 * * * root /data/conf/shell/cut_log_nginx_openresty.sh" >> /etc/crontab
systemctl restart crond


### 开机启动openresty
echo '开机启动openresty' >> /etc/rc.local
echo '/usr/local/openresty/nginx/sbin/nginx' >> /etc/rc.local

### 
echo '#!/bin/bash
nginx -t' > /root/test_nginx.sh

echo '#!/bin/bash
nginx -s reload
echo nginx已重启

/etc/init.d/php7.3-fpm restart
echo "phpfpm已重启"' > /root/updata_nginx_fpm.sh





